Validating user inputyour users data useless isnt used

C H A P T E R 1 1

We will build a PHP class that acts as an abstraction layer for user input, and expand it in a modular way so that it can safely validate values as belonging to specific data types and formats.

Finally, we discuss strategies for finding input validation vulnerabilities in your applica-tions. There is no one class of attack that form validation prevents. Rather, proper checking and limiting of user input will cut off avenues that could have been used for many of the kinds of attacks we will be discussing in Part 3 of this book, including SQL injection, file discovery, remote execution, and still other attacks that don’t even have names yet. Form validation generally attempts to prevent exploits by stopping abusive or resource-intensive operations before they ever start.